Information systems security and the information systems development project towards a framework for their integration

Abstract

Information systems development practices often require trade offs between make-or-buy decisions. Contemporary practices tend along the 'buy' maxim, resulting in systems that are largely depended on commodity IT facilities. Such systems development however introduces new security problems. New ways of addressing and resolving security hazards, early within the development lifecycle, must therefore be introduced in the systems development field. To do so, we need to properly associate the existing development context with suitable concepts that introduce security within it. In this paper we address the challenges arising by new forms of systems development and describe the factors that are most likely to be taken under consideration for securing the system under development.